
Re: What can applications running over ipsec assume?



	 Steve,

	 	It might be most appropriate for applications to express
	 security QoS parameters during connection establishment, but initially
	 applications will not be prepared to do this.  Moreover, one of the
	 motivations for IP layer security is the flexibility of implementing
	 it remotely from an end system, where an application has no direct
	 means of passing on its security QoS parameters. So, I think it is
	 very important to provide very good management tools that allow a
	 system administrator to express security QoS for classes of
	 associations, so that appropriate services can be selected
	 automatically, without explicit invocation by (or notification to)
	 applications.

Agreed, absolutely.  My point was more that an application *can*
behave differently if it knows the security level of a connection.
Thus, rlogin -- which uses address-based authentication, and hence is
not secure -- may be acceptable if the address is cryptographically
validated, and the administrator has reason to trust the originating
machine.

Your point about remote implementations is also a good one.  Some time
ago, I suggested that we needed some mechanism -- a header, or IP
options -- by which an IPSEC-aware host could request, or be informed
of, the security functions implemented by a remote encryptor (possibly
a bump-in-the-cord unit).  There's an obvious analogy to the IP security
label, which specifies this information implicitly.  Naturally, the
administrator would have to configure a machine to believe such labels,
and this should only be done in the proper physical environment.